
SELinux Linux Security Module PDF

59 Pages·2017·24.54 MB·English

Preview SELinux Linux Security Module

VSPMiner: Detecting Security Hazards in SEAndroid Vendor Customizations via Large-Scale Supervised Machine Learning
Xiangyu Liu, Yi Zhang, Yang Song
Alibaba Security

Whoami
•  Xiangyu Liu
•  Security Engineer @Alibaba
•  CUHK PhD (2016)
•  Academic: IEEE S&P, ACM CCS
•  Industry: DEF CON
•  Interests: Intrusion Detection, Mobile security
•  Co-authors: Yi Zhang, Yang Song @Alibaba

Agenda
•  Background
•  VSPMiner
•  Evaluation
•  Summary

Background-SEAndroid
•  Android uses SELinux to enforce mandatory access control (MAC) over all processes.
•  After Android 4.4
•  Privilege escalation becomes much more difficult

Background-SEAndroid Framework
[Figure: SEAndroid framework. User space: SELinux policy and configuration files, security server, context lookup, libselinux (supports security policy), policy files read/write. Kernel space: MAC permission record, SELinux Linux Security Module (LSM), LSM hooks, various Linux kernel services, configuration files.]

Background-SEAndroid Policy
•  The effectiveness of SEAndroid depends on the employed policies.
•  allow/neverallow subject object:object_class permission
•  sbj, obj, obj_class, perm (for short)
•  Allow rules define benign operations
•  E.g., allow appdomain app_data_file:file {read write execute}
•  Neverallow rules define privilege escalation (compile time)
•  E.g., neverallow untrusted_app init:file {read}
•  Security labels <=> Concrete subjects/objects
•  system_file <=> /system(/.*)
•  system_data_file <=> /data(/.*)
•  Vendors don't know how to write policies: @pof, "Defeat SEAndroid" at Defcon 2013

Background-Refine Policy
•  Using audit logs
•  6-tuple access patterns
•  <concrete_sbj, sbj, concrete_obj, obj, obj_class, perm>
•  Policy engineers parse the logs to refine policy
•  Log access events not matched with allow rules

Background-Challenges
•  Millions of audit logs
•  Expert experience
•  Allow benign accesses
•  Prevent malicious accesses
•  Unknown new malicious access patterns
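The 6-tuple extraction and the "not matched with allow rules" check from the Refine Policy slide, as an added Python example that is not code from the talk or from VSPMiner: it parses constructed AVC denial lines into <concrete_sbj, sbj, concrete_obj, obj, obj_class, perm> tuples and reports the ones that a small constructed candidate allow-rule set (with an assumed attribute-membership table standing in for the compiled policy) does not cover.

```python
import re

# Attribute -> member types (constructed subset; on a device this comes from
# the compiled policy, not a hard-coded table).
ATTRIBUTES = {"appdomain": {"untrusted_app", "platform_app", "system_app"}}
# Candidate allow rules, (sbj, obj, obj_class) -> perms, mirroring the slide's
# "allow appdomain app_data_file:file {read write execute}".
ALLOW_RULES = {
    ("appdomain", "app_data_file", "file"): {"read", "write", "execute"},
    ("untrusted_app", "app_data_file", "dir"): {"search", "getattr"},
}
# Constructed audit lines in the kernel's AVC denial format.
SAMPLE_LOG = [
    'avc: denied { read } for pid=1234 comm="app_process" path="/data/data/com.example/cache"'
    ' dev="mmcblk0p1" ino=42 scontext=u:r:untrusted_app:s0'
    ' tcontext=u:object_r:app_data_file:s0 tclass=file permissive=0',
    'avc: denied { read } for pid=1235 comm="app_process" path="/init" dev="rootfs" ino=1'
    ' scontext=u:r:untrusted_app:s0 tcontext=u:object_r:init:s0 tclass=file permissive=1',
    'avc: denied { write add_name } for pid=77 comm="vendor_daemon" name="data" dev="mmcblk0p1"'
    ' ino=2 scontext=u:r:vendor_init:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir',
]
AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<kv>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def _type_of(ctx):
    return ctx.split(":")[2]  # u:r:untrusted_app:s0 -> untrusted_app

def parse_avc(line):
    """One AVC denial -> 6-tuples (concrete_sbj, sbj, concrete_obj, obj,
    obj_class, perm), one per denied permission."""
    m = AVC_RE.search(line)
    if not m:
        return []
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("kv"))}
    concrete_obj = kv.get("path") or kv.get("name") or ""
    sbj, obj = _type_of(kv["scontext"]), _type_of(kv["tcontext"])
    return [(kv.get("comm", ""), sbj, concrete_obj, obj, kv["tclass"], perm)
            for perm in m.group("perms").split()]

def is_allowed(sbj, obj, obj_class, perm, rules=ALLOW_RULES, attrs=ATTRIBUTES):
    """True if some allow rule covers the access (attributes expand to members)."""
    def covers(rule_type, actual):
        return rule_type == actual or actual in attrs.get(rule_type, ())
    return any(rc == obj_class and perm in perms and covers(rs, sbj) and covers(ro, obj)
               for (rs, ro, rc), perms in rules.items())

def unmatched_accesses(lines=SAMPLE_LOG):
    """6-tuples no candidate rule covers: what a policy engineer must review."""
    return [t for line in lines for t in parse_avc(line)
            if not is_allowed(t[1], t[3], t[4], t[5])]
```

On the constructed log, the cache read is covered by the appdomain rule and drops out, while the untrusted_app read of init and both vendor_init dir accesses remain for review.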

Description:
Alibaba Security. VSPMiner: Detecting Security Hazards in SEAndroid Vendor Customizations via Large-Scale Supervised Machine Learning